# upstream: yes
# https://github.com/proot-me/proot/pull/203

# adapted to fit proot's old release

From 2e796c5a0ed3c04d0816405422c8d6a25eccf5c2 Mon Sep 17 00:00:00 2001
From: Michal Bednarski <bednarski.michal2@gmail.com>
Date: Thu, 5 Sep 2019 15:19:08 +0200
Subject: [PATCH] Prevent tracees from becoming undumpable

--- src/syscall/enter.c
+++ src/syscall/enter.c
@@ -26,7 +26,8 @@
 #include <linux/net.h>   /* SYS_*, */
 #include <fcntl.h>       /* AT_FDCWD, */
 #include <limits.h>      /* PATH_MAX, */
-
+#include <string.h>      /* strcpy */
+#include <sys/prctl.h>   /* PR_SET_DUMPABLE */
 #include "syscall/syscall.h"
 #include "syscall/sysnum.h"
 #include "syscall/socket.h"
@@ -563,6 +564,15 @@
 
 		status = translate_path2(tracee, newdirfd, newpath, SYSARG_3, SYMLINK);
 		break;
+
+	case PR_prctl:
+		/* Prevent tracees from setting dumpable flag.
+		* (Otherwise it could break tracee memory access)  */
+		if (peek_reg(tracee, CURRENT, SYSARG_1) == PR_SET_DUMPABLE) {
+			set_sysnum(tracee, PR_void);
+			status = 0;
+		}
+		break;
 	}
 
 end:
--- src/syscall/seccomp.c
+++ src/syscall/seccomp.c
@@ -377,6 +377,7 @@
 	{ PR_open,		0 },
 	{ PR_openat,		0 },
 	{ PR_pivot_root,	0 },
+	{ PR_prctl,         0 },
 	{ PR_ptrace,		FILTER_SYSEXIT },
 	{ PR_readlink,		FILTER_SYSEXIT },
 	{ PR_readlinkat,	FILTER_SYSEXIT },
